SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Wave

SurfingAttack exploits ultrasonic guided wave propagating through solid-material tables to attack voice control systems. By leveraging the unique properties of acoustic transmission in solid materials, we design a new attack called SurfingAttack that would enable multiple rounds of interactions between the voice-controlled device and the attacker over a longer distance and without the need to be in line-of-sight. By completing the interaction loop of inaudible sound attack, SurfingAttack enables new attack scenarios, such as hijacking a mobile Short Message Service (SMS) passcode, making ghost fraud calls without owners' knowledge, etc.

Read the Paper, Cite

@inproceedings{yan2020surfingattack,
    author = {Yan, Qiben and Liu, Kehai and Zhou, Qin and Guo, Hanqing and Zhang, Ning},
    title = {SurfingAttack: Interactive Hidden Attack on Voice Assistants Using Ultrasonic Guided Wave},
    booktitle={Network and Distributed Systems Security (NDSS) Symposium},
    year = {2020},
}

Team

Features

SurfingAttack demonstration

Unnoticeable SurfingAttack in a realistic scenario

(SurfingAttack system including a metal sheet or a glass sheet with attack device is hidden under a tablecloth)

SurfingAttack on different phones



SurfingAttack on different functions



SurfingAttack under different scenarios

30ft long distance attack on a large Aluminum metal plate

SurfingAttack on metal plate with different thicknesses


SurfingAttack on glass plate with different thicknesses


SurfingAttack under other scenarios